Samsung Service Centers in Italy Targeted in Malware Campaign

Security researchers have discovered ongoing malware campaigns targeting Samsung service centers in Italy, campaigns that appear to be the counterparts of attacks that have previously targeted similar electronics service centers in Russia this year.

These malware campaigns are nothing out of the extraordinary, and the only thing that remains a mystery is their purpose and end goal.

Mundane malware distribution effort

The attacks usually start with the delivery of spoofed spear-phishing emails to Samsung Italy service center workers.

The entire malware delivery system and exploit chain is described in a detailed report published by Italian cyber-security firm TG Soft and is near identical to the attacks targeting electronics service centers in Russia, as described in a previous Fortinet report.

Both attack waves, targeting Italy and Russia, started at the end of March, according to the two reports. But while Russian service centers were targeted with the Imminent Monitor RAT, the attacks on Samsung Italy service centers also leveraged other RATs, such Netwire and njRAT.

Both companies also noted that the spear-phishing emails are very well put together, and appear to have been written by a native in Italian and Russian, respectively.

Nobody knows the purpose of these attacks

But despite all the data gathered by TG Soft and Fortinet, the two companies have not been able to determine why the hackers are trying to infect electronics service centers, to begin with.

Such service centers hold very little customer data that a threat actor could steal, and an attacker having many other more attractive companies he could target and gain more useful data from.

One explanation may be that attackers are trying to taint the tools used in these service centers so that they could infect the repaired devices with malware. But this is only a theory, as no evidence has been unearthed to support this scenario, and this entire malware distribution campaign remains shrouded in a fog of mystery.

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.